In recent years, individuals and businesses have become increasingly dependent upon processor-based devices, such as computers and the like. Particularly, with the advent of the Internet, the use of processor-based devices connected to a network has become increasingly commonplace. In fact, many businesses have critical systems connected to public networks.
With the increased use of processor-based devices, and particularly processor-based devices connected to networks, fears associated with the security of those networks and the devices connected thereto have also increased. For example, computer users or other entities with malicious intent (e.g., hackers, etc.) may attempt to gain unauthorized access to devices connected to a public network (e.g., the Internet). Additionally, malicious data can be contained in network traffic, such as electronic mail (email) communications, or other network communications. Receipt of malicious communications by way of a network can endanger both the receiving device and any other devices connected to the network. Thus, even well-protected devices that are difficult to access via a public network can be impacted when a different device within the same network is impacted. For example, an email containing a virus could be downloaded by an authorized user (e.g., using a workstation on the network) via a public network, and unintentionally passed to a sensitive device (e.g., a server) within a private network to which the user has access.
Many attempts have been made to secure networks and network computing devices. For example, various anti-virus programs and other protective programs and devices have been designed to limit the types of communications and the content of communications received by a network or any device on a network in an attempt to thereby limit malicious communications from being received by a device on the network. Often, such programs and devices rely on lists of known viruses or malicious content, which are frequently updated, and used as the basis of preventing communications of malicious or otherwise undesirable data within a network. Because of the ever-evolving nature of computer viruses and other malicious communications, however, it is difficult to sufficiently maintain such blocking programs or devices (even if updated) to prevent all viruses, malicious payloads, and otherwise undesirable data from reaching devices within a network intended to be protected by those programs.
Some networks make use of decoy systems or so-called “honeypot” devices, which appear to malicious, unauthorized users to be easy or desirable targets within a given network. Decoys or honeypots can be used to attract malicious communications, which can be analyzed after being attracted and received. Upon analysis of payloads attracted to decoy or honeypot systems, network or device configurations can be altered to prevent attacks of the type analyzed from being successful with any network devices in the future.
One problem with decoy devices or honeypot devices is that they are often easily detected. For example, some decoy devices can attract communications from outside of a network but are incapable of properly responding to the attracted communication (e.g., responding to a query within an intercepted or attracted communication). Thus, the entity sending the communication attracted by the decoy device may become aware that the communication has been apprehended because the communication has not been properly responded to.
Additionally, other techniques for safeguarding network devices and communications received by those devices may block various ports of the network that present possibly vulnerable entry points. Thus, for example, ports that could potentially be exploited by a malicious user or communication can be prevented from receiving communications at all. However, some types of attacks can detect such blocks or otherwise determine that certain ports are being blocked. Using this information, traits about a network, such as the network's available services, the network's topology, or other traits can be detected and potentially exploited. Additionally, by blocking all communications on certain ports, even permissible communications are prevented from being received or transmitted via those ports, which could be problematic.
Once any of the prior systems intended to protect a network has been defeated, the network is vulnerable, and a malicious entity, such as a hacker or a virus, may be capable of exploiting knowledge unwittingly given. In certain instances, such information can unintentionally be provided by the very system or technique intended to protect a network from receiving malicious communications or otherwise being attacked or compromised.
Accordingly, it would be desirable to develop a system or method capable of adequately protecting a network, such as a system or method that is capable of dynamically adapting to new threats. Additionally, it would be desirable to avoid giving any knowledge of the network, devices on the network, or the structure of the network itself to external entities, such as unauthorized users, hackers, or the like to limit the potential attacks on the network.